
Vulnerabilities

Subcategories:

  • CVE-2020-20901
    ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-22022. Reason: This candidate is a duplicate of CVE-2020-22022. Notes: All CVE users should reference CVE-2020-22022 instead of this ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:45 | Views: 20 | Replies: 0
  • CVE-2020-20900
    ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-22032. Reason: This candidate is a duplicate of CVE-2020-22032. Notes: All CVE users should reference CVE-2020-22032 instead of this ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:45 | Views: 21 | Replies: 0
  • CVE-2020-20899
    ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-22036. Reason: This candidate is a duplicate of CVE-2020-22036. Notes: All CVE users should reference CVE-2020-22036 instead of this ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:45 | Views: 21 | Replies: 0
  • CVE-2020-20898
    Integer Overflow vulnerability in function filter16_prewitt in libavfilter/vf_convolution.c in FFmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:45 | Views: 29 | Replies: 0
  • CVE-2020-20897
    ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-22035. Reason: This candidate is a duplicate of CVE-2020-22035. Notes: All CVE users should reference CVE-2020-22035 instead of this ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:45 | Views: 17 | Replies: 0
  • CVE-2020-20896
    An issue was discovered in function latm_write_packet in libavformat/latmenc.c in FFmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts due to a Null pointer derefer ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:45 | Views: 22 | Replies: 0
  • CVE-2020-20895
    ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-22028. Reason: This candidate is a duplicate of CVE-2020-22028. Notes: All CVE users should reference CVE-2020-22028 instead of this ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:45 | Views: 25 | Replies: 0
  • CVE-2020-20894
    ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-22025. Reason: This candidate is a duplicate of CVE-2020-22025. Notes: All CVE users should reference CVE-2020-22025 instead of this ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:45 | Views: 12 | Replies: 0
  • CVE-2020-20893
    ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-22030. Reason: This candidate is a duplicate of CVE-2020-22030. Notes: All CVE users should reference CVE-2020-22030 instead of this ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:45 | Views: 15 | Replies: 0
  • CVE-2020-20892
    An issue was discovered in function filter_frame in libavfilter/vf_lenscorrection.c in FFmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts due to a division by zer ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:45 | Views: 21 | Replies: 0
  • CVE-2020-20891
    Buffer Overflow vulnerability in function config_input in libavfilter/vf_gblur.c in FFmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:45 | Views: 19 | Replies: 0
  • CVE-2021-40674
    An SQL injection vulnerability exists in Wuzhi CMS v4.1.0 via the KeyValue parameter in coreframe/app/order/admin/index.php.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:45 | Views: 16 | Replies: 0
  • CVE-2021-39402
    MaianAffiliate v.1.0 suffers from code injection by adding a new product via the admin panel. The injected payload is reflected on the affiliate main page for all authenticated and unauthenticated ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:45 | Views: 14 | Replies: 0
  • CVE-2020-21913
    International Components for Unicode (ICU-20850) v66.1 was discovered to contain a use after free bug in the pkg_createWithAssemblyCode function in the file tools/pkgdata/pkgdata.cpp.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:45 | Views: 12 | Replies: 0
  • CVE-2019-16651
    An issue was discovered on Virgin Media Super Hub 3 (based on ARRIS TG2492) devices. Because their SNMP commands have insufficient protection mechanisms, it is possible to use JavaScript and DNS rebin ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:45 | Views: 13 | Replies: 0
  • CVE-2021-24741
    The Support Board WordPress plugin before 3.3.4 does not escape multiple POST parameters (such as status_code, department, user_id, conversation_id, conversation_status_code, and recipient_id) before ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:45 | Views: 27 | Replies: 0
  • CVE-2021-24663
    The Simple Schools Staff Directory WordPress plugin through 1.1 does not validate uploaded logo pictures to ensure that they are indeed images, allowing high privilege users such as admin to upload arbitra ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:45 | Views: 27 | Replies: 0
  • CVE-2021-24657
    The Limit Login Attempts WordPress plugin before 4.0.50 does not escape the IP addresses (which can be controlled by attacker via headers such as X-Forwarded-For) of attempted logins before outputting ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:45 | Views: 15 | Replies: 0
  • CVE-2021-24640
    The WordPress Slider Block Gutenslider plugin before 5.2.0 does not escape the minWidth attribute of a Gutenberg block, which could allow users with a role as low as contributor to perform Cross-Site ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:45 | Views: 10 | Replies: 0
  • CVE-2021-24639
    The OMGF WordPress plugin before 4.5.4 does not enforce path validation, authorisation and CSRF checks in the omgf_ajax_empty_dir AJAX action, which allows any authenticated users to delete arbitrary ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:45 | Views: 27 | Replies: 0
  • CVE-2021-24638
    The OMGF WordPress plugin before 4.5.4 does not escape or validate the handle parameter of the REST API, which allows unauthenticated users to perform path traversal and overwrite arbitrary CSS file w ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:45 | Views: 24 | Replies: 0
  • CVE-2021-24637
    The Google Fonts Typography WordPress plugin before 3.0.3 does not escape and sanitise some of its block settings, allowing users with a role as low as Contributor to perform Stored Cross-Site Script ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:45 | Views: 17 | Replies: 0
  • CVE-2021-24636
    The Print My Blog WordPress Plugin before 3.4.2 does not enforce nonce (CSRF) checks, which allows attackers to make logged in administrators deactivate the Print My Blog plugin and delete all saved d ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:45 | Views: 20 | Replies: 0
  • CVE-2021-24635
    The Visual Link Preview WordPress plugin before 2.2.3 does not enforce authorisation on several AJAX actions and has the CSRF nonce displayed for all authenticated users, allowing any authenticated us ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:45 | Views: 25 | Replies: 0
  • CVE-2021-24618
    The Donate With QRCode WordPress plugin before 1.4.5 does not sanitise or escape its QRCode Image setting, which results in a Stored Cross-Site Scripting (XSS). Furthermore, the plugin also does not ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:45 | Views: 16 | Replies: 0
  • CVE-2021-24613
    The Post Views Counter WordPress plugin before 1.3.5 does not sanitise or escape its Post Views Label settings, which could allow high privilege users to perform Cross-Site Scripting attacks in the fr ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:45 | Views: 18 | Replies: 0
  • CVE-2021-24609
    The WP Mapa Politico Espana WordPress plugin before 3.7.0 does not sanitise or escape some of its settings before outputting them in attributes, allowing high privilege users to perform Cross-Site Scr ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:45 | Views: 21 | Replies: 0
  • CVE-2021-24606
    The Availability Calendar WordPress plugin before 1.2.1 does not escape the category attribute from its shortcode before using it in a SQL statement, leading to a SQL Injection issue, which can be exp ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:45 | Views: 38 | Replies: 0
  • CVE-2021-24604
    The Availability Calendar WordPress plugin before 1.2.2 does not sanitise or escape its Category Names before outputting them in page/post where the associated shortcode is embedded, allowing high privil ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:45 | Views: 25 | Replies: 0
  • CVE-2021-24600
    The WP Dialog WordPress plugin through 1.2.5.5 does not sanitise and escape some of its settings before outputting them in pages, allowing high privilege users to perform Cross-Site Scripting attacks ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:45 | Views: 27 | Replies: 0
  • CVE-2021-24597
    The You Shang WordPress plugin through 1.0.1 does not escape its qrcode links settings, which results in Stored Cross-Site Scripting issues in frontend posts and the plugins settings page depending o ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:45 | Views: 23 | Replies: 0
  • CVE-2021-24596
    The youForms for WordPress plugin through 1.0.5 does not sanitise or escape the Button Text field of its Templates, allowing high privilege users (editors and admins) to perform Cross-Site Scripting atta ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:45 | Views: 34 | Replies: 0
  • CVE-2021-24587
    The Splash Header WordPress plugin before 1.20.8 doesn't sanitise and escape some of its settings while outputting them in the admin dashboard, leading to an authenticated Stored Cross-Site Script ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:45 | Views: 15 | Replies: 0
  • CVE-2021-24585
    The Timetable and Event Schedule WordPress plugin before 2.4.0 outputs the Hashed Password, Username and Email Address (along with other less sensitive data) of the user related to the Even Head of the Tim ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:45 | Views: 23 | Replies: 0
  • CVE-2021-24584
    The Timetable and Event Schedule WordPress plugin before 2.4.2 does not have proper access control when updating a timeslot, allowing any user with the edit_posts capability (contributor+) to update a ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:45 | Views: 11 | Replies: 0
  • CVE-2021-24583
    The Timetable and Event Schedule WordPress plugin before 2.4.2 does not have proper access control when deleting a timeslot, allowing any user with the edit_posts capability (contributor+) to delete a ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:45 | Views: 21 | Replies: 0
  • CVE-2021-24582
    The ThinkTwit WordPress plugin before 1.7.1 did not sanitise or escape its Consumer key setting before outputting it in its settings page, leading to a Stored Cross-Site Scripting issue.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:45 | Views: 17 | Replies: 0
  • CVE-2021-24530
    The Alojapro Widget WordPress plugin through 1.1.15 doesn't properly sanitise its Custom CSS settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltere ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:45 | Views: 23 | Replies: 0
  • CVE-2021-24525
    The Shortcodes Ultimate WordPress plugin before 5.10.2 allows users with Contributor roles to perform stored XSS via shortcode attributes. Note: the plugin is inconsistent in its handling of shortcode ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:45 | Views: 23 | Replies: 0
  • CVE-2021-24511
    The fetch_product_ajax functionality in the Product Feed on WooCommerce WordPress plugin before 3.3.1.0 uses a `product_id` POST parameter which is not properly sanitised, escaped or validated before ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:45 | Views: 16 | Replies: 0
